Skip to content
Permalink
Browse files
Add 3.2.1 release page
  • Loading branch information
mbeckerle committed Dec 16, 2021
1 parent 2f02412 commit a5d68cc3999927a6a62b60f528ee81696917f8f3
Showing 1 changed file with 72 additions and 0 deletions.
@@ -0,0 +1,72 @@
---

released: false
apache: true
title: 3.2.1
date: 2021-12-16
summary: >
Upgrade dependencies to fix CVE-2021-44228 (Log4J)
and CVE-2021-33813 (JDOM).
Fix unparse checksum and CRC capability ({% jira 2609 %})
artifact-root: "https://dist.apache.org/repos/dist/dev/daffodil/3.2.1-rc1/"
checksum-root: "https://dist.apache.org/repos/dist/dev/daffodil/3.2.1-rc1/"

key-file: "https://downloads.apache.org/daffodil/KEYS"

source-dist:
- "apache-daffodil-3.2.1-src.zip"

binary-dist:
- "apache-daffodil-3.2.1-bin.tgz"
- "apache-daffodil-3.2.1-bin.zip"
- "apache-daffodil-3.2.1-bin.msi"
- "apache-daffodil-3.2.1-1.noarch.rpm"

scala-version: 2.12
---

#### Security Improvements

This release fixes two security CVEs by updating dependency versions.

* {% jira 2610 %} Update log4J dependency to fix CVE-2021-44228
* {% jira 2611 %} Update JDOM dependency to fix CVE-2021-33813

#### Functional Improvements

A major feature, layering transforms with checksum/CRC capability, which was planned for the prior release (3.2.0) was found to be buggy when unparsing.
This has been fixed.

* {% jira 2608 %} PCAP fails with Daf 3.2.0 and IPv4 layers with checksum

#### Miscellaneous Changes

* {% jira 2577 %} remove Info message about compiler component counts
* {% jira 2145 %} Add scalac warnings
* {% jira 2592 %} Move the daffodil_program_version variable outside of generated_code.c
* {% jira 2534 %} Update ICU version - verify Daffodil impact of bug issue identified by IBM
* {% jira 2587 %} dfdlx:lookAhead compiler error if used in default value of dfdl:newVariableInstance
* {% jira 2600 %} encoding varies with environment - UTF-8 not properly set somewhere
* {% jira 2602 %} Daffodil uses different versions of log4j-api and log4j-core

#### Deprecation/Compatibility

There are no deprecations. This release is fully compatible with all functionality of the prior release.

#### Dependency Changes

The following dependencies have been added or updated

**Core**

* Log4j core 2.16.0 <small>(update)</small>
* Log4j api 2.16.0 <small>(update)</small>
* JDOM2 2.0.6.1 <small>(update)</small>

**Code Generator (runtime2)**

* OS-Lib 0.8.0 <small>(update)</small>


0 comments on commit a5d68cc

Please sign in to comment.